search

eldadru / ksniff

Kubectl plugin to ease sniffing on kubernetes pods using tcpdump and wireshark
Apache License 2.0
3.13k stars 186 forks source link

kubectl sniff fails with certificate error. #177

Open kristvanbesien opened 4 months ago

kristvanbesien commented 4 months ago

I am running in to the following issue:

% kubectl sniff -p dns-default-2t74k -n openshift-dns
Error: Get "https://api.cluster.example.com:6443/api/v1/namespaces/openshift-dns/pods/dns-default-2t74k?timeout=30s": x509: certificate signed by unknown authority

The certificate is signed by a CA with the root in my local keychain. Normal commands work:

% kubectl get pods -n openshift-dns
NAME                  READY   STATUS    RESTARTS   AGE
dns-default-2t74k     2/2     Running   0          15h
dns-default-5msgr     2/2     Running   0          15h
dns-default-llkdx     2/2     Running   0          15h
...

Maybe a difference in the way the plugin handles tls?

I am doing this from a Mac (M1) with MacOS 14.4

% kubectl version --short
Flag --short has been deprecated, and will be removed in the future. The --short output will become the default.
Client Version: v1.27.4
Kustomize Version: v5.0.1
Server Version: v1.25.14+bcb9a60
% kubectl krew version
OPTION            VALUE
GitTag            v0.4.4
GitCommit         343e657
IndexURI          https://github.com/kubernetes-sigs/krew-index.git
BasePath          /Users/krist/.krew
IndexPath         /Users/krist/.krew/index/default
InstallPath       /Users/krist/.krew/store
BinPath           /Users/krist/.krew/bin
DetectedPlatform  darwin/arm64
% kubectl krew list
PLUGIN  VERSION
krew    v0.4.4
sniff   v1.6.2